Lucene search
K

6919 matches found

CVE
CVE
added 2026/06/30 12:1 p.m.18 views

CVE-2026-53432

CVE-2026-53432 (fzf) affects the fzf project, specifically the FuzzyMatchV2 function. Affected scenario involves processing extremely long input lines (≈2,200,000 bytes) with a pattern length of 999 bytes, which causes an integer overflow and triggers a non-recoverable panic, terminating the proc...

7.5CVSS5.8AI score0.00243EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/29 8:21 p.m.46 views

CVE-2026-34594 Coolify: Authenticated Remote Code Execution via Command Injection in Destination Network Management

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, an authenticated command injection vulnerability in the Destination Network Management functionality allows users with destination management permissions to execute arbitra...

8.8CVSS0.01092EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 7:42 p.m.39 views

CVE-2026-43722

CVE-2026-43722 affects Apple OS components (kernel) on macOS Tahoe and related iOS/iPadOS versions. The issue could allow an app to leak sensitive kernel state via malicious content processed locally; attack vector is local with required user interaction and no privileges, and exploitation status...

5.5CVSS5.7AI score0.00147EPSS
Exploits0References2Affected Software3
NVD
NVD
added 2026/06/29 3:16 p.m.10 views

CVE-2026-46406

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...

6.1CVSS0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 2:16 p.m.10 views

CVE-2026-13165

SzafirHost verifies the downloaded native library archive with one JarFile parser reading the Central Directory but extracts native libraries with JarInputStream parser reading sequentially from local file headers. An attacker who controls the served archive can insert a malicious DLL/SO/DYLIB as...

8.6CVSS0.00418EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/29 2:4 p.m.8 views

CVE-2026-55607

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor...

7.7CVSS6.3AI score0.00765EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/29 2:3 p.m.8 views

EUVD-2026-40116

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...

4.4CVSS5.9AI score0.00149EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/29 12:1 p.m.6 views

CVE-2026-50171

A flaw was found in the @angular/common package of Angular. The formatNumber function, which is also used by DecimalPipe, PercentPipe, and CurrencyPipe, does not properly validate the upper bounds of the digitsInfo parameter. A remote attacker could exploit this by providing a maliciously crafted...

8.2CVSS5.6AI score0.00161EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 5:30 a.m.23 views

CVE-2026-13539

The CVE concerns Wavlink WL-NU516U1-A M16U1_V240425. The vulnerable component is the POST Parameter Handler in /cgi-bin/wireless.cgi, specifically function sub_407504, where manipulation of Guest_ssid causes a stack-based buffer overflow. This can be triggered remotely; exploitation is publicly a...

9CVSS8AI score0.00466EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/29 5:15 a.m.11 views

CVE-2026-13538

A vulnerability was determined in Wavlink WL-NU516U1-A M16U1V240425. The affected element is the function sub401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote...

6.5CVSS6.4AI score0.01306EPSS
Exploits0References10
CVE
CVE
added 2026/06/29 5:15 a.m.19 views

CVE-2026-13538

The CVE concerns Wavlink WL-NU516U1-A (M16U1_V240425) with a vulnerability in /cgi-bin/wireless.cgi, function sub_401D68, within the POST Parameter Handler. Manipulating arguments SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 leads to command injection. Remote exploitation is possible, and an exploit has ...

6.5CVSS6.4AI score0.01306EPSS
Exploits0References10
Amazon
Amazon
added 2026/06/29 12:0 a.m.7 views

Critical: rclone

Issue Overview: Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from th...

9.8CVSS5.9AI score0.00701EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/27 1:52 a.m.7 views

SUSE CVE-2026-54448

Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive .tgz, its custom tar unpacker reads each entry with io.ReadAlltr and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to...

6.5CVSS5.8AI score0.0025EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 10:16 p.m.10 views

CVE-2026-55069

Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computatio...

8.7CVSS0.00158EPSS
Exploits1References1
NVD
NVD
added 2026/06/26 10:16 p.m.15 views

CVE-2026-49984

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-supplied paths for .. traversal before it converts Windows-style backslashes to forward slashes. An attacker can therefore smuggle a traversal sequence past...

7.7CVSS0.00386EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/26 9:3 p.m.12 views

EUVD-2026-37943

deepstream is vulnerable to prototype pollution...

9.9CVSS5.8AI score0.0027EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 8:44 p.m.31 views

CVE-2026-54350 Budibase: Anonymous NoSQL operator injection via published-app query templates

Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collection and, where the builder has published a PUBLIC write...

10CVSS0.00538EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 8:21 p.m.7 views

CVE-2026-48778

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag in config.xml is read by NppXml::value Parameters.cpp:6430 and stored in nppGUI.commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDMFILEOPENCMD File → Open...

7.8CVSS5.8AI score0.01314EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2026/06/26 8:19 p.m.37 views

CVE-2026-52885 Notepad++ TOCTOU: HMAC Checks Disk, Executes from Memory

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the moment a user command fires Time-of-Check. However, the command payload is taken from the in-memory userCommands vector, which is populated at application...

7.5CVSS0.00129EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:41 p.m.7 views

CVE-2026-44731

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks whether a given user ID corresponds to a valid account and discloses the user's full name, allowing an attacker to enumerate all existing user account...

4.3CVSS5.8AI score0.00186EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder